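### Brief description:
Picking up what others missed
### Details:
There is prior work on this: [WooYun: SQL injection in a general-purpose e-procurement platform (affecting many enterprises)](http://www.wooyun.org/bugs/wooyun-2014-062918)
Vendor: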
```
http://www.1caitong.com/ 北京网达信联科技发展有限公司
```
SQL injection point:
```
/GetPassWord.aspx: the POST parameter txtUserName is injectable
```
Case:
```
http://eps.umgg.com.cn/GetPassWord.aspx
http://ygcg.xuangang.com.cn/GetPassWord.aspx
http://222.134.89.6/GetPassWord.aspx
http://221.193.197.48/GetPassWord.aspx
http://eps.unischem.com/GetPassWord.aspx
```
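### Proof of vulnerability:
This injection takes a lot of patience because it is time-based blind, so I only enumerated the current database.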
1.

[![01.jpg](https://images.seebug.org/upload/201505/16191149a75c34815d1ce1956563360d001e7096.jpg)](https://images.seebug.org/upload/201505/16191149a75c34815d1ce1956563360d001e7096.jpg)

[![02.jpg](https://images.seebug.org/upload/201505/16191158f4a55b4e21f8e4914756f962d8e4076c.jpg)](https://images.seebug.org/upload/201505/16191158f4a55b4e21f8e4914756f962d8e4076c.jpg)

[![03.jpg](https://images.seebug.org/upload/201505/161912194751ab1f79b122fb2a88e4000da424fa.jpg)](https://images.seebug.org/upload/201505/161912194751ab1f79b122fb2a88e4000da424fa.jpg)

2.

[![04.jpg](https://images.seebug.org/upload/201505/16191258c86360e2bf97034820d906864ff7802e.jpg)](https://images.seebug.org/upload/201505/16191258c86360e2bf97034820d906864ff7802e.jpg)

[![05.jpg](https://images.seebug.org/upload/201505/1619130367c7585a4f1fa6ea052faea4554205fd.jpg)](https://images.seebug.org/upload/201505/1619130367c7585a4f1fa6ea052faea4554205fd.jpg)
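Because the injection in `txtUserName` is time-based blind and IIS W3C logs do not record POST bodies by default, an operator of this platform can look for it through the `time-taken` field instead. The following is an added example, not part of the original report: the log excerpt is constructed, and the function names and thresholds (`min_requests`, `slow_ms`, `max_spread_ms`) are assumptions to tune per site.

```python
from collections import defaultdict
from statistics import median, pstdev

# Constructed IIS W3C log excerpt (documentation IP ranges; not data from the report).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status time-taken
2015-05-16 19:10:01 POST /GetPassWord.aspx 198.51.100.20 200 182
2015-05-16 19:11:02 POST /GetPassWord.aspx 203.0.113.7 200 5043
2015-05-16 19:11:03 POST /GetPassWord.aspx 203.0.113.7 200 95
2015-05-16 19:11:08 POST /GetPassWord.aspx 203.0.113.7 200 5021
2015-05-16 19:11:09 POST /GetPassWord.aspx 203.0.113.7 200 110
2015-05-16 19:11:14 POST /GetPassWord.aspx 203.0.113.7 200 5060
2015-05-16 19:11:15 POST /GetPassWord.aspx 203.0.113.7 200 88
2015-05-16 19:11:20 POST /GetPassWord.aspx 203.0.113.7 200 5034
2015-05-16 19:11:21 POST /GetPassWord.aspx 203.0.113.7 200 102
2015-05-16 19:12:40 GET /Default.aspx 198.51.100.20 200 75
"""

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def suspect_clients(text, path="/GetPassWord.aspx", min_requests=8,
                    slow_ms=3000, max_spread_ms=300):
    """Flag clients whose POSTs to `path` mix fast replies with a tight slow cluster."""
    times = defaultdict(list)
    for row in parse_w3c(text):
        if row["cs-method"] == "POST" and row["cs-uri-stem"].lower() == path.lower():
            times[row["c-ip"]].append(int(row["time-taken"]))  # milliseconds
    findings = {}
    for ip, taken in times.items():
        slow = [t for t in taken if t >= slow_ms]
        fast = [t for t in taken if t < slow_ms]
        # Many requests, both fast and slow answers, and slow answers that all
        # sit near one constant delay: the shape of a timed yes/no oracle.
        if (len(taken) >= min_requests and len(slow) >= 3 and fast
                and pstdev(slow) <= max_spread_ms):
            findings[ip] = {"requests": len(taken), "slow": len(slow),
                            "delay_ms": int(median(slow))}
    return findings
```

A hit is a lead for review, not proof. The fix on the application side is to bind `txtUserName` as a query parameter rather than concatenating it into SQL.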